5 Sept 2017 – Organizations and government agencies from Asia, Australia, Europe, and the U.S. are joining forces to advance a standardized language for cyber operations command and control. The work of the new OASIS OpenC2 Technical Committee enables defenders to respond to cyber-attacks in machine-speed. It also helps ensure greater interoperability among products.

Cyber threats are realized in seconds while human responses can take weeks. By providing a common language for machine-to-machine communication, OpenC2 makes it possible for defenders to conduct automated, coordinated, tactical threat responses more accurately and at speeds greater than those previously possible.

Most environments include hundreds of types of systems and devices. Without OpenC2, every device needs to be manually configured or sent commands in real time. This not only slows down incident response, it introduces the potential for human error. With OpenC2, defensive actions can be applied automatically to vulnerable devices in the environment.

"As cyber threats continue to proliferate and accelerate, the community needs foundational mechanisms for coordinating, exchanging, and executing defensive responses at machine speed," said Neal Ziring, Technical Director, Capabilities Directorate, U.S. National Security Agency (NSA). "OpenC2 will fill a critical gap in our standards landscape, and drive interoperability that will be critical for cyber defense."

OpenC2 is platform- and product-agnostic. It complements active cyber defense approaches. Using OpenC2, organizations can devise ways of preventing specific threats and share those methods with others in precise, machine-readable terms. Receiving organizations can apply the mitigation directly to their environments without concern about interoperability.

"Moving OpenC2 to the OASIS international standards body is a major milestone and has had a very positive impact on the effort," said Joe Brule of the NSA, co-chair of the OASIS OpenC2 Technical Committee. "OpenC2 now has in excess of 100 members representing 54 organizations from industry, government, academia, the financial sector, power grid and other major stakeholders. Broad participation will facilitate the development and deployment of OpenC2."

"We are in strong support of OpenC2 adoption, and we encourage the community of practitioners and vendors to work together to establish and implement this standard so that we can reduce the complexity of our integrated systems and increase the speed at which we can respond to attacks," added Sounil Yu of Bank of America, who co-chairs the OASIS OpenC2 Technical Committee along with Brule.

Laurent Liscia, CEO and executive director of OASIS, said, "We’re excited to have OpenC2 at OASIS. It's a strong specification, with solid industry support. OpenC2 is a welcome addition to our cybersecurity portfolio. Many members of the OASIS Cyber Threat Intelligence (CTI) Technical Committee, which advances the STIX and TAXII standards, are also involved in OpenC2."

Support for OpenC2

ForeScout Chief Strategy Officer, Pedro Abreu, said, "OpenC2 and ForeScout benefit from each other in a unique manner. ForeScout's device identification and classification engine provides the much needed, fine grained distinction between devices all the way from legacy server systems to modern IoT gadgets and anything in between. OpenC2’s action framework through actuators provides the capability to define an abstract course of action for incident response. With the combination of both, organizations can take a quick contextual action at machine speed to reduce their attack surface."

G2, Inc. President, Paul Green, said, "G2 is thrilled OpenC2 is gaining more traction in the OASIS community. Early on, we recognized the critical need for vendor-agnostic command and control in support of cyber defense and are proud that our design principles and early work on the syntax and vocabulary have been enthusiastically received. The wide adoption of OpenC2 will make it significantly easier for defensive systems to orchestrate their activities to address cyber threats in real time."

LookingGlass CTO, Allan Thomson, said, "Cyber threats continue to increase in sophistication and speed, forcing cyber defenders to look for technologies that provide coordinated real-time detection and response. LookingGlass is excited to contribute our expertise and background to integrate threat intelligence and threat mitigation technologies in the new OpenC2 standard."

NC4 Soltra Development Manager, Mark Davidson, said "Moving the standardization of interfaces and protocols for machine-to-machine, automated threat detection under Oasis’ Open Command and Control (OpenC2) technical committee will help ensure vendor interoperability. In the long run, the ability to quickly provide cyber-defenders the action part in the cybersecurity equation, will strengthen and support cyber defenses."

NEC General Manager, Cyber Security Strategy Division, Toshiyuki Ishii, said, "NEC is very pleased to be part of the OpenC2 Technical Committee and continues to drive OpenC2 adoption with industry partnerships to benefit customers. NEC believes that a common language for defensive actions is crucial for proactively countering the cyber threat in real time. We are excited about the formation of OpenC2 TC and support its efforts through its contributing to and promotion of this global standard."

New Context CEO, Daniel Riedel, said, "Our vulnerable attack surface is increasing, as are the adversaries targeting our systems and networks. Security automation is a force multiplier for defenders. New Context is committed to the development of OpenC2 as we are convinced that an open, vendor-neutral standard for driving interoperable machine-driven mitigation and incident response is essential in order to enable organizations to cope with the rising challenges and growing numbers of increasingly sophisticated cyber threats."

Phantom CTO & Co-founder, Sourabh Satish, said, "Phantom's partnership with the OpenC2 Forum began several years ago. The adversaries are using automation against us, so the only way to mitigate attacks at cyber-speed is with automation. With a strong specification and support from industry leaders like Phantom, the OASIS OpenC2 Technical Committee will make great progress in defining a standardized language for cyber operations command and control."

Swimlane Founder and CEO, Cody Cornell, said, "The future of security is going to require high levels of interoperability, and the only way we get there is through open standards. That is why we are so excited about the work being done collectively by the federal government, security vendors, and the OpenC2 Technical Committee."

Tanium Chief Security Officer, David Damato, said, "As the number of connected devices rapidly multiplies and the cyber threat grows, it's become clear we need a common language for technologies to automatically communicate with each other, both within and across networks. This interoperability will help organizations operate at the speed needed to stop attacks. We support the development of the OpenC2 standard and applaud OASIS for bringing businesses and government agencies together to develop it."

ThreatQuotient CTO, Ryan Trost, said, "Operationalization and use of cyber threat intelligence (CTI) across all tools within the infrastructure serves as the glue to accelerate detection and response. The adoption of open standards like OpenC2 to effectively use CTI and automate response is critical to achieve an integrated defense."

More information

About OASIS

OASIS is a non-profit, international consortium that drives the development, convergence, and adoption of open standards for the global information society. OASIS promotes industry consensus and produces worldwide standards for cyber security, privacy, cloud computing, IoT, SmartGrid, and other areas. OASIS open standards offer the potential to lower cost, stimulate innovation, grow global markets, and protect the right of free choice of technology. OASIS members broadly represent the marketplace of public and private sector technology leaders, users, and influencers. The consortium has more than 5,000 participants representing over 600 organizations and individual members in 65+ countries.

Connect with OASIS

News by Year

Related links

Testimonials

Cybersecurity is one of the greatest challenges our modern society faces and requires a coordinated approach to succeed. Under OASIS leadership, we see an opportunity to better organize the good guys to fight cybercriminals by sharing cyber threat intelligence data in an automated and efficient data standard.

As a Sponsor of the OASIS CTI Technical Committee, we are delighted to be at the forefront of advancing critically important standards like STIX, TAXII and CybOX. By creating protocols that address how to best model, analyze, and share cyber threat intelligence, we can provide greater support to overwhelmed security professionals.

Soltra is proud to be a member of the OASIS CTI Technical Committee. Our threat information sharing solution, Soltra Edge, was built leveraging STIX, TAXII, and Cybox – key standards within the industry. We look forward to contributing to CTI as we continue to establish and maintain open standards, while improving cyber security capabilities and reducing workload.

Open standards and community sharing are vital components of a successful and effective fight against cybercrime. Our goal is to make Threat Intelligence, from a variety of sources, timely and actionable.

Focusing on standardizing threat intelligence technologies to keep sensitive government and corporate information secure is paramount to the mission of OASIS and its members. At ViaSat, we take a comprehensive approach to cybersecurity, from identifying potential cyber and physical security vulnerabilities to designing and implementing a plan that leverages big data analytics, intuitive visualization and intelligent automation to keep pace with evolving threats no matter where data resides on the network or how it is accessed.

iSIGHT Partners, creator of the commercial cyber threat intelligence category, understands how security organizations can gain the advantage over adversaries by using threat intelligence across their security and risk management program. As an early contributor and enabler of STIX, we welcome the opportunity to join with OASIS to further develop CTI standards and accelerate the adoption of context rich threat intelligence.

At OASIS, you don't have to be a large vendor to influence work. Of all the standards bodies we’ve participated in, OASIS is the only one we recommend with no hesitation. It is a group that simply works.

We are proud to support the work OASIS is doing to advance their cybersecurity specifications and promote information sharing, a critical factor in today's security posture. By sharing details about malicious incidents quickly, not only between the public and private sectors, but across industry lines within the private sector as well, we can work together to better defend ourselves and stay ahead of the hackers.

STIX and TAXII in particular are important initiatives towards next generation threat intelligence. Using the same terms, data streams, and threat modeling methods will help researchers, vendors, and law enforcement alike share information back and forth to stay abreast or even ahead of threat actor groups. We are pleased to contribute to this and more through OASIS.

We have long been committed to any advances that can better enable the sharing of threat intelligence among security professionals. Until now, organizations have been hampered by a lack of common standards and the tendency for security information to be siloed. We strongly support this important endeavor and look forward to contributing to the standardization being led by OASIS.

NEC is very pleased to be part of the CTI Technical Committee and continues to drive CTI adoption with industry partnerships to benefit customers. NEC believes that threat intelligence standards are crucial for proactively countering the cyber threat. We are excited about the formation of CTI TC and support its efforts through its contributing to and promotion of this global standard.

We have been advocates of STIX, TAXII and CybOx for some time. OASIS as an international standards checkpoint will undoubtedly improve threat intelligence sharing amongst partners by facilitating the exchange of computer-readable threat information.

Development of an industry-wide standards framework for cyber threat intelligence is crucial for the information security industry to be able to define and share threats. New Context is a proud sponsor of OASIS and believes strongly in open and transparent standards frameworks development. We look forward to collaborating on the next standards for STIX, CybOX and TAXII.

I always encourage vendors with products related to access control, security, or cloud computing to join the appropriate OASIS Technical Committees and contribute to the standards work. We all benefit that way.